In short, when you set up an Internet account with your bank, are you having to involve your broadband provider in the process? Answer: no. It's all between your PC and your bank.

The Bluetooth Smart/Dumb interface should not need to become involved, except in cases where Transport Layer Security (TLS) is not feasible or too cumbersome. Same applies, for example, to WiFi. If you can use TLS or IPsec protocols over your WiFi, then the need for WiFi's own security layer is lessened considerably. (Mostly, WiFi's security protocol is used to prevent others from clogging up your broadband link, but not to prevent others from accessing your bank account!)

In this specific case, to lock/unlock the doors and to open windows, the automakers can simply use TLS between your own cellphone and the MCU that controls those functions. If this involves too much delay, the best bet by far is to install a faster MCU!!

@alex_m1, not exactly... legacy Bluetooth hops frequency in every 625usec, but Bluetooth LE use more static "channel selection" per-connection bases. It is still dynamically allocated, but not exactlly FH spectrum spreading.

I may be missing something here, but aren't they saying that the only security flaw is in the initial pairing? iF that's the case, can't careful pairing circumstances/measures solve this? Pairing is a one-time thing.

<<*if* they rely on BLE's built-in security and *if* the attacker is able to observe the user pairing with the phone.>>

Security should of course be a concern, but I think reliability is a far bigger concern.
Having said that, I recently saw an episode of a TV drama in which a murder was committed by a hacker who remotely commanded his victim's airbags to deploy, causing a fatal crash. Food for thought as we march toward wireless connectivity in cars.

@Rick, it is true. Reliability is a big issue, when it comes to anything wireless.... But when I asked several experts about interference issues of BLE, I got their answers saying that they are little concerned. But security? Yes, they are worried.